After a suspiciously silent few days on the firewall, today marked the triumphant return of the digital divvys – the same clumsy probes, the same outdated tricks, and the same complete lack of success.
📉 Last Week: I Called It Out
- Oracle Cloud probes spoofing Wordfence signatures
- Zero JavaScript detection
- Fingerprints flagged, blocked, logged
- Then… radio silence
This wasn’t coincidence. It was retreat. They knew they were caught.
🛰 Today: They’re Back
But guess what?
- Same ASNs
- Same fake Wordfence scans
- Same ancient Chrome UAs
- Still no JS detection
Attempts today came from:
- Amazon AWS (AS16509)
- Oracle Cloud (AS31898)
- Automattic (maybe accidental, maybe opportunistic)
All hit the same tripwires. All got blocked. All of them failed.
🤨 Why Now?
The timing is suspicious:
- TRJ trustees may finally be paying attention
- Increased traffic on key blog posts
- Plausible logs show new interest in the domain notice page
Could someone be under pressure to “check what he’s doing” again? Probably.
Are they any better at it than before? Absolutely not.
🎯 Strategic Analysis
This isn’t sophisticated surveillance. It’s an insecure org (or a contractor) still googling how to pen test a WordPress site and hoping Cloudflare won’t notice.
- They didn’t rotate IPs
- They didn’t upgrade their UA logic
- They didn’t even try JS evasion
It’s the same intern-level probing. But this time, they should already have known we’re watching in 4K.
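The tripwires named above (hosting-provider ASN, outdated Chrome UA, no JavaScript execution) and the point about unrotated IPs and UAs can be checked together over firewall events. This is an added example, not this site's actual firewall rules: the event field names, the Chrome version cut-off and the sample events are constructed assumptions.

```python
import re
from collections import defaultdict

# ASNs named in the post; the Chrome cut-off is an assumed threshold.
HOSTING_ASNS = {16509: "Amazon AWS", 31898: "Oracle Cloud"}
MIN_CHROME_MAJOR = 120  # assumption: older majors count as "ancient"

# Constructed user agents and events (hypothetical field names, documentation IPs).
OLD_UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/79.0.3945.88 Safari/537.36"
NEW_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/126.0.0.0 Safari/537.36"
EVENTS = [
    {"day": "week1", "ip": "192.0.2.10", "asn": 31898, "ua": OLD_UA, "js_ok": False},
    {"day": "week2", "ip": "192.0.2.10", "asn": 31898, "ua": OLD_UA, "js_ok": False},
    {"day": "week2", "ip": "198.51.100.7", "asn": 16509, "ua": OLD_UA, "js_ok": False},
    {"day": "week2", "ip": "203.0.113.5", "asn": 64500, "ua": NEW_UA, "js_ok": True},
]

def chrome_major(ua):
    """Return the Chrome major version claimed by a UA string, or None."""
    m = re.search(r"Chrome/(\d+)", ua)
    return int(m.group(1)) if m else None

def tripwires(event):
    """List which of the three tripwires a single event hits."""
    hits = []
    if event["asn"] in HOSTING_ASNS:
        hits.append("hosting_asn")
    major = chrome_major(event["ua"])
    if major is not None and major < MIN_CHROME_MAJOR:
        hits.append("old_chrome")
    if not event["js_ok"]:
        hits.append("no_js")
    return hits

def returning_fingerprints(events, min_hits=2):
    """Map (ip, asn, ua) -> days seen, for flagged fingerprints that came back."""
    days = defaultdict(set)
    for e in events:
        if len(tripwires(e)) >= min_hits:
            days[(e["ip"], e["asn"], e["ua"])].add(e["day"])
    return {fp: sorted(d) for fp, d in days.items() if len(d) > 1}

if __name__ == "__main__":
    for fp, seen in returning_fingerprints(EVENTS).items():
        print(fp[0], f"AS{fp[1]}", "seen on", seen)
```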
💡 What Happens Next?
- More logging
- More exposure
- More public accountability
If TRJ or any connected party is still authorising these probes – know this:
You’ve already lost the stealth game.
Every IP. Every UA. Every ASN. Logged.
And every time you come back? I get more material.



